package com.mao.controller;

import com.mao.entity.User;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.ArrayList;
import java.util.List;

@RestController
public class TestController {

    @GetMapping("/test/hello")
    public String add(){
        return "hello spring-security";
    }

    @GetMapping("/success/index")
    public String success(){
        return "login success";
    }

    @GetMapping("update")
//    @Secured({"ROLE_sale","ROLE_admin"})
//    @PreAuthorize("hasAnyAuthority('admin')")
    @PostAuthorize("hasAnyAuthority('admins')")
    public String update() {
        System.out.println("update -----> 执行");
        return "update success";
    }

    @GetMapping("insert")
    @PostFilter("filterObject.username=='admin1'")
    @PostAuthorize("hasAnyAuthority('admin')")
    public Object insert(){

        ArrayList<User> list = new ArrayList<>();

        list.add(new User(11,"admin1","56"));
        list.add(new User(12,"admin2","57"));

        System.out.println(list.toString());

        return list;
    }


}
